Packet Log - WhenU/MediaTraffic, Unknown Company, LocalPages, InfoSpace, Google Covering Advertisers' Sites with Advertisers' Own Google Ads
Google Still Charging Advertisers for Conversion-Inflation Traffic from WhenU Spyware - Ben Edelman
This page gives a packet log of traffic occurring as WhenU, interemediaries, and Google claim credit for organic traffic originating at Continental.com. Traffic flows from WhenU to an unknown company using the server at IP 205.144.163.203 to LocalPages to InfoSpace to Google, and finally back to Continental. All testing occurred on January 1, 2010.
This page gives screenshots showing on-screen displays as traffic flowed from WhenU through intermediaries and on to Google and finally back to the site I was initially browsing, Continental.com. All testing occurred on January 1, 2010.
See also discussion in main article, as well as screenshots and video.
In each step of transmissions, yellow highlighting marks redirect instructions, green highlighting marks the next redirect step, and pink highlighting marks the names of the parties involved.
WhenU observes me browsing the Continental site, and obtains PPC search listings to show in a popup
GET /NBCSearch?itk=VgBe8&ver=4.22&tid=45584&patid=P226&xpatid=P226&ptr=SYNC0001&msa=CUS,SMA,R5&cut=Y&num=5&act=07711115<cciso>&tpl=328pd&kwd=airline%20tickets HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: bidtxt.whenu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Jan 2010 17:52:40 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Sat, 1 Jan 2000 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
<html xml:space="preserve">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
<style type="text/css">
* {font-family:"Trebuchet MS"; color:#003399; font-size:10px; letter-spacing:0px;}
#coupon_main { width:100%; height:580px; padding:0px; overflow-y:auto; }
.itemTitle { padding-left:5px;font-family:arial,helvetica,sans-serif; font-size:11px; font-weight:bold; color:#00319C; text-decoration:underline;}
.item { font-family:arial,helvetica,sans-serif; font-size:11px; color:#000000; }
.itemLink { font-size:14px;color:#009C00;text-decoration:none; }
.listing {padding-left:14px;padding-right:10px;padding-top:10px;height:42px;color:#C600FF;background:#EEE9FF;font-size:22px;font-weight:bold;text-transform:capitalize;border-bottom:1px solid #C6C6F0;}
.rowOn {padding:5 0;background:#E1F0FB;}
.rowOn TD {height:105px;border-bottom:1px solid #D2E5F2;}
.rowOff {padding:5 0;background:#FFFFFF;}
.rowOff TD {height:105px;border-bottom:1px solid #D2E5F2;}
.listimg { padding:2px;border:1px solid #B5B5B5;width:82px;height:82px;}
.listimg IMG { width:80px;}
.brandimg {width:110px}
.tips {font-size:12px;padding:10px 5px;border-right:1px solid #D5CECE;color:#000000;}
.question {color:blue;font-weight:bold;font-size:12px;}
#answer, #answer I {color:#CB1414;font-weight:bold;font-size:12px;}
.titleNormal
{
font-family:arial,helvetica,sans-serif; font-size:18px; font-weight:bold; color:#0000FF; text-decoration:underline; cursor:;
}
.titleHover
{
font-family:arial,helvetica,sans-serif; font-size:18px; font-weight:bold; color:#C600FF; text-decoration:underline; cursor:pointer;
}
.titleInactive
{
font-family:arial,helvetica,sans-serif; font-size:18px; font-weight:bold; color:gray; text-decoration:underline; cursor:;
}
.urlNormal
{
font-size:14px;color:#009C00;text-decoration:none;cursor:;
}
.urlHover
{
font-size:14px;color:#C600FF;text-decoration:underline;cursor:pointer;
}
.urlInactive
{
font-size:14px;color:gray; text-decoration:none;cursor:;
}
.dittoNormal
{
cursor:;
}
.dittoHover
{
cursor:pointer;
}
</style>
<script language="javascript" type="text/javascript">
<!--
//==========================================================================
// Grab the search term and escape any apostrophes
//==========================================================================
var searchTerm = 'airline tickets';
//==========================================================================
// MouseOver and Grey Out function
//==========================================================================
var obj = new Array();
function doThis(theurl,object,area,currentObject)
{
var doStyle=true;
for(x=obj.length-1;x>=0;x-=1)
{
if(obj[x]==object)
{
doStyle=false;
}
}
if(theurl=='mouseOver')
{
if(doStyle)
{
if(area=='title')
currentObject.className='titleHover';
else if(area=='url')
currentObject.className='urlHover';
else if(area=='ditto')
currentObject.className='dittoHover';
}
else
{
currentObject.style.cursor="";
}
}
else if(theurl=='mouseOut')
{
if(doStyle)
{
if(area=='title')
currentObject.className='titleNormal';
else if(area=='url')
currentObject.className='urlNormal';
else if(area=='ditto')
currentObject.className='dittoNormal';
}
}
else
{
if(obj.length==0)
{
//external.application.open(theurl,"newwin","flagPlainIE=0,top=0,left=0,width="+(screen.availWidth)+",height="+(screen.availHeight)+",location,menubar,status,toolbar,resizable,scrollbars");
window.open(theurl);
obj[0]=object;
object.style.cursor="";
}
else
{
var exists=false;
for(x=obj.length-1;x>=0;x-=1)
{
if(obj[x]==object) exists=true;
}
if(!exists)
{
//external.application.open(theurl,"newwin","flagPlainIE=0,top=0,left=0,width="+(screen.availWidth-10)+",height="+(screen.availHeight-10)+",menubar=yes,status=yes,toolbar=yes,resizable=yes,scrollbars=yes");
window.open(theurl);
obj[obj.length]=object;
object.style.cursor="";
}
}
object.style.color='#666666';
object.style.background="#f3f3f3";
//additional code for graying out title and url
var tmp=object.id;
tmp=tmp.substring(tmp.length-1,tmp.length);
//document.getElementById('title'+tmp).style.color="gray";
//document.getElementById('title'+tmp).style.cursor="";
//document.getElementById('itemLink'+tmp).style.color="gray";
//document.getElementById('itemLink'+tmp).style.cursor="";
document.getElementById('title'+tmp).className='titleInactive';
document.getElementById('itemLink'+tmp).className='urlInactive';
document.getElementById('ditto'+tmp).className='dittoNormal';
//currentObject.style.cursor="";
}
}
function openURL(theurl)
{
window.open(theurl);
}
function dittoImageFail(image){
var failedImageURL = "http://offers.whenu.com/images/spacer.gif";
image.src = failedImageURL;
}
-->
</script>
<script language="javascript" src="http://offers.whenu.com/pop_up/whenusearch.js"></script>
<script language="javascript" type="text/javascript" src="http://js.ditto.com/DittoIA.jsh?pid=9468"></script>
</head>
<body bgcolor="#FFFFFF" topmargin="0" leftmargin="0" MARGINWIDTH="0" MARGINHEIGHT="0" unselectable="on">
<div id="coupon_main">
<div class="listing" valign="middle"><span style="font-weight:normal;color:#000000;font-size:18px;">Sponsored Links:</span>
airline tickets</div>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<script language="javascript">
<!--
var theDomain1 = "";
var status1 = "";
var theURL1 = 'http://BookingBuddy.com';
var matchTerm = /\/\//;
var newURL1 = theURL1.split(matchTerm);
if (searchProvider.match(/^(ESpotting)/)) {
theurls.push('http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D2c7dcbe08e3e882b877be073a6b8e645%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2');
}
if(newURL1[1]) {
var newURL1_2 = newURL1[1].split(/[\/?]/);
theDomain1 = newURL1_2[0];
status1 = "Go to " + theDomain1;
} else {
//theDomain1 = "Click Here";
theDomain1 = theURL1;
status1 = "Go to " + theURL1;
}
//status1 = "Go to " + theDomain1;
-->
</script>
<tr>
<td valign="top" align="middle">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr class="rowOff" id="row1" >
<td width="14"></td><td class="item" style="border-bottom:1px; border-bottom-style:solid; border-bottom-color:#D2E5F2;"><script type="text/javascript">
<!--
var PID = 9468;
var imgURL = 'http://BookingBuddy.com';
imgURL = imgURL.substring(imgURL.indexOf('http'),imgURL.length);
//LogVppRequest('',PID);
var dittoImg = GetIAProductImageDetails('airline tickets','Airline Tickets from $49','Find Cheap Airline Ticket Deals from only $49 Each Way. Save Now!',imgURL,'',false);
var clickThroughURL='http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D2c7dcbe08e3e882b877be073a6b8e645%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2';
var poz='1';
-->
</script>
<script type="text/javascript">
document.write('<div class="brandimg" style="float:left;padding:5px 0px;"><img src="'+dittoImg+'" id="ditto'+poz+'" onError="dittoImageFail(this)" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" height="80" /></div>');
document.write('<div class="item"><span id="title'+poz+'" class="titleNormal" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);">');
document.write(' Airline Tickets from $49');
document.write('</span>');
document.write('<br>');
document.write('Find Cheap Airline Ticket Deals from only $49 Each Way. Save Now!');
document.write('<br>');
document.write('<span id="itemLink'+poz+'" class="itemLink" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);">');
document.write( theDomain1);
document.write('</span></div>');
</script>
<br>
</td></tr>
</table>
</td></tr>
<script language="javascript">
<!--
var theDomain2 = "";
var status2 = "";
var theURL2 = 'http://www.Bing.com';
var matchTerm = /\/\//;
var newURL2 = theURL2.split(matchTerm);
if (searchProvider.match(/^(ESpotting)/)) {
theurls.push('http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3Dce9b9d95b60d2b810c16144f1b5b01df%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2');
}
if(newURL2[1]) {
var newURL2_2 = newURL2[1].split(/[\/?]/);
theDomain2 = newURL2_2[0];
status2 = "Go to " + theDomain2;
} else {
//theDomain2 = "Click Here";
theDomain2 = theURL2;
status2 = "Go to " + theURL2;
}
//status2 = "Go to " + theDomain2;
-->
</script>
<tr>
<td valign="top" align="middle">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr class="rowOff" id="row2" >
<td width="14"></td><td class="item" style="border-bottom:1px; border-bottom-style:solid; border-bottom-color:#D2E5F2;"><script type="text/javascript">
<!--
var PID = 9468;
var imgURL = 'http://www.Bing.com';
imgURL = imgURL.substring(imgURL.indexOf('http'),imgURL.length);
//LogVppRequest('',PID);
var dittoImg = GetIAProductImageDetails('airline tickets','Cheap Airfare Deals','Save Time & Money With Easy Booking & Great Deals. Search Bing â„¢ Now.',imgURL,'',false);
var clickThroughURL='http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3Dce9b9d95b60d2b810c16144f1b5b01df%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2';
var poz='2';
-->
</script>
<script type="text/javascript">
document.write('<div class="brandimg" style="float:left;padding:5px 0px;"><img src="'+dittoImg+'" id="ditto'+poz+'" onError="dittoImageFail(this)" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" height="80" /></div>');
document.write('<div class="item"><span id="title'+poz+'" class="titleNormal" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);">');
document.write(' Cheap Airfare Deals');
document.write('</span>');
document.write('<br>');
document.write('Save Time & Money With Easy Booking & Great Deals. Search Bing â„¢ Now.');
document.write('<br>');
document.write('<span id="itemLink'+poz+'" class="itemLink" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);">');
document.write( theDomain2);
document.write('</span></div>');
</script>
<br>
</td></tr>
</table>
</td></tr>
<script language="javascript">
<!--
var theDomain3 = "";
var status3 = "";
var theURL3 = 'http://continental.com';
var matchTerm = /\/\//;
var newURL3 = theURL3.split(matchTerm);
if (searchProvider.match(/^(ESpotting)/)) {
theurls.push('http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D93cd3b072123241d668b0ecf2284624f%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2');
}
if(newURL3[1]) {
var newURL3_2 = newURL3[1].split(/[\/?]/);
theDomain3 = newURL3_2[0];
status3 = "Go to " + theDomain3;
} else {
//theDomain3 = "Click Here";
theDomain3 = theURL3;
status3 = "Go to " + theURL3;
}
//status3 = "Go to " + theDomain3;
-->
</script>
<tr>
<td valign="top" align="middle">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr class="rowOff" id="row3" >
<td width="14"></td><td class="item" style="border-bottom:1px; border-bottom-style:solid; border-bottom-color:#D2E5F2;"><script type="text/javascript">
<!--
var PID = 9468;
var imgURL = 'http://continental.com';
imgURL = imgURL.substring(imgURL.indexOf('http'),imgURL.length);
//LogVppRequest('',PID);
var dittoImg = GetIAProductImageDetails('airline tickets','Continental Airlines','Flights to over 260 destinations. Low fare guarantee. Official site.',imgURL,'',false);
var clickThroughURL='http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D93cd3b072123241d668b0ecf2284624f%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2';
var poz='3';
-->
</script>
<script type="text/javascript">
document.write('<div class="brandimg" style="float:left;padding:5px 0px;"><img src="'+dittoImg+'" id="ditto'+poz+'" onError="dittoImageFail(this)" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" height="80" /></div>');
document.write('<div class="item"><span id="title'+poz+'" class="titleNormal" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);">');
document.write(' Continental Airlines');
document.write('</span>');
document.write('<br>');
document.write('Flights to over 260 destinations. Low fare guarantee. Official site.');
document.write('<br>');
document.write('<span id="itemLink'+poz+'" class="itemLink" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);">');
document.write( theDomain3);
document.write('</span></div>');
</script>
<br>
</td></tr>
</table>
</td></tr>
<script language="javascript">
<!--
var theDomain4 = "";
var status4 = "";
var theURL4 = 'http://MakeMyTrip.Com';
var matchTerm = /\/\//;
var newURL4 = theURL4.split(matchTerm);
if (searchProvider.match(/^(ESpotting)/)) {
theurls.push('http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D30040023bacb2111cba414783141eecb%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2');
}
if(newURL4[1]) {
var newURL4_2 = newURL4[1].split(/[\/?]/);
theDomain4 = newURL4_2[0];
status4 = "Go to " + theDomain4;
} else {
//theDomain4 = "Click Here";
theDomain4 = theURL4;
status4 = "Go to " + theURL4;
}
//status4 = "Go to " + theDomain4;
-->
</script>
<tr>
<td valign="top" align="middle">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr class="rowOff" id="row4" >
<td width="14"></td><td class="item" style="border-bottom:1px; border-bottom-style:solid; border-bottom-color:#D2E5F2;"><script type="text/javascript">
<!--
var PID = 9468;
var imgURL = 'http://MakeMyTrip.Com';
imgURL = imgURL.substring(imgURL.indexOf('http'),imgURL.length);
//LogVppRequest('',PID);
var dittoImg = GetIAProductImageDetails('airline tickets','Find Cheap Air Tickets','Get Fantastic Offers On Air Tickets Only With MakeMyTripâ„¢. Book Now!',imgURL,'',false);
var clickThroughURL='http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D30040023bacb2111cba414783141eecb%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2';
var poz='4';
-->
</script>
<script type="text/javascript">
document.write('<div class="brandimg" style="float:left;padding:5px 0px;"><img src="'+dittoImg+'" id="ditto'+poz+'" onError="dittoImageFail(this)" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" height="80" /></div>');
document.write('<div class="item"><span id="title'+poz+'" class="titleNormal" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);">');
document.write(' Find Cheap Air Tickets');
document.write('</span>');
document.write('<br>');
document.write('Get Fantastic Offers On Air Tickets Only With MakeMyTripâ„¢. Book Now!');
document.write('<br>');
document.write('<span id="itemLink'+poz+'" class="itemLink" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);">');
document.write( theDomain4);
document.write('</span></div>');
</script>
<br>
</td></tr>
</table>
</td></tr>
<script language="javascript">
<!--
var theDomain5 = "";
var status5 = "";
var theURL5 = 'http://LowFares.com';
var matchTerm = /\/\//;
var newURL5 = theURL5.split(matchTerm);
if (searchProvider.match(/^(ESpotting)/)) {
theurls.push('http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D885fb94e7607dd853e91e48a605660a8%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2');
}
if(newURL5[1]) {
var newURL5_2 = newURL5[1].split(/[\/?]/);
theDomain5 = newURL5_2[0];
status5 = "Go to " + theDomain5;
} else {
//theDomain5 = "Click Here";
theDomain5 = theURL5;
status5 = "Go to " + theURL5;
}
//status5 = "Go to " + theDomain5;
-->
</script>
<tr>
<td valign="top" align="middle">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr class="rowOff" id="row5" >
<td width="14"></td><td class="item" style="border-bottom:1px; border-bottom-style:solid; border-bottom-color:#D2E5F2;"><script type="text/javascript">
<!--
var PID = 9468;
var imgURL = 'http://LowFares.com';
imgURL = imgURL.substring(imgURL.indexOf('http'),imgURL.length);
//LogVppRequest('',PID);
var dittoImg = GetIAProductImageDetails('airline tickets','Find Super Cheap Flights','Fares Just Dropped! Flights Starting at $49*',imgURL,'',false);
var clickThroughURL='http://cpcfeed.mediatraffic.com/popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D885fb94e7607dd853e91e48a605660a8%26s%3Dw410%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1811301273136;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2';
var poz='5';
-->
</script>
<script type="text/javascript">
document.write('<div class="brandimg" style="float:left;padding:5px 0px;"><img src="'+dittoImg+'" id="ditto'+poz+'" onError="dittoImageFail(this)" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'ditto\',this);" height="80" /></div>');
document.write('<div class="item"><span id="title'+poz+'" class="titleNormal" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'title\',this);">');
document.write(' Find Super Cheap Flights');
document.write('</span>');
document.write('<br>');
document.write('Fares Just Dropped! Flights Starting at $49*');
document.write('<br>');
document.write('<span id="itemLink'+poz+'" class="itemLink" onmouseover="doThis(\'mouseOver\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onmouseout="doThis(\'mouseOut\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);" onclick="doThis(\''+clickThroughURL+'\',document.getElementById(\'row\'+\''+poz+'\'),\'url\',this);">');
document.write( theDomain5);
document.write('</span></div>');
</script>
<br>
</td></tr>
</table>
</td></tr>
</table>
</div>
</body>
</html>
WhenU's MediaTraffic redirects to NamiMedia
GET /popup.php?up=http%3A%2F%2F205.144.163.203%2Fr1.php%3Fh%3D8adab85d3c78ae396ca13278ef588d19%26s%3Dw310%26px%3D1%26ai%3D3973%26st%3Dairline%2Btickets&mtatmpdat=cc:0.158;ci:0.263;iun:1731301164166;ai:mediatraffic_GoogUS;ca:1568742;ad:10393;uid:736742;tr:mtasars&seq=airline%20tickets&subid=08711115840&tpt=&idnet=1264&flgcpc=2 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: cpcfeed.mediatraffic.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Fri, 01 Jan 2010 18:06:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Location: http://205.144.163.203/r1.php?h=8adab85d3c78ae396ca13278ef588d19&s=w310&px=1&ai=3973&st=airline+tickets
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
NamiMedia redirects to Click Forensics and onwards to LocalPages
GET /r1.php?h=8adab85d3c78ae396ca13278ef588d19&s=w310&px=1&ai=3973&st=airline+tickets HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 205.144.163.203
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Jan 2010 16:54:57 GMT
Server: Apache/2.0.63 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 2782
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script type="text/javascript">
if (window.innerWidth < 150 && 0) {
var furl;
furl = 'http://localhost/fraud.php?aff='+3973+'&fid='+;
var xmlhttp;
if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
} else if (window.ActiveXObject) { // code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function() {
if(xmlhttp.readyState==4) {
document.myForm.time.value=xmlhttp.responseText;
}
}
xmlhttp.open("GET","fraud.php?aff=3973&fid=",true);
xmlhttp.send(null);
location.href="http://205.144.163.203/r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c=&wf=fraud";
}
</script>
<head>
<script type="text/javascript">
window.history.forward(1);
function clicklink() {
if (document.all) {
document.all("url").click();
} else {
location.href="http://205.144.163.203/r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c=";
}
}
function clickredirect () {
document.redirect.submit();
}
</script>
</head>
<body onLoad="clickredirect();">
<a href="http://205.144.163.203/r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c=&pixel=fraud" target='_top'><img src="./includes/spacer.gif" width="1" height="1" /></a>
<form name="redirect" method="POST" action="http://205.144.163.203/r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c=">
<input type="hidden" name="h" value="8adab85d3c78ae396ca13278ef588d19">
<input type="hidden" name="e" value="">
<input type="hidden" name="s" value="w310">
<input type="hidden" name="ai" value="3973">
<input type="hidden" name="dip" value="">
<input type="hidden" name="r" value="">
<input type="hidden" name="oref" value="">
<noscript><a href="http://205.144.163.203/r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c=" target='_top'>Click here to redirect to this website.</a></noscript>
</form>
<a href="http://205.144.163.203/r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c=" id='url' target='_top'></a>
</body>
</html>
<script>
document.location.href = "http://205.144.163.203/r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c=";
</script>
<meta http-equiv="refresh" content="7;url=http://205.144.163.203/k.php?ai=3973&url=http%3A%2F%2F205.144.163.203%2Fr2.php%3Fh%3D8adab85d3c78ae396ca13278ef588d19%26e%3D%26s%3Dw310%26ai%3D3973%26dip%3D%26r%3D%26oref%3D%26c%3D" />
GET /r2.php?h=8adab85d3c78ae396ca13278ef588d19&e=&s=w310&ai=3973&dip=&r=&oref=&c= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 205.144.163.203
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 01 Jan 2010 16:54:57 GMT
Server: Apache/2.0.63 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=hr3mdrit3hm3u7lu0tqmopoa42; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: SessionCookie=hr3mdrit3hm3u7lu0tqmopoa42; expires=Sat, 01-Jan-2011 16:54:57 GMT; path=/; domain=.163.203
http: //clickforensics.localpages.com/rc.php?affiliate=XXX123&subid=126484008711115840&Terms=airline+tickets&IP=...&rpp=5&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%29&ai=3973&nolog=1&nocache=1&ad=http://continental.com/&oref=
Content-Length: 1471
Connection: close
Content-Type: text/html; charset=UTF-8
<html>
<head>
<script type="text/javascript">
window.history.forward(1);
function clicklink() {
if (document.all) {
document.all("url").click();
} else {
location.href="http://clickforensics.localpages.com/rc.php?affiliate=XXX123&subid=126484008711115840&Terms=airline+tickets&IP=...&rpp=5&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%29&ai=3973&nolog=1&nocache=1&ad=http://continental.com/&oref=";
}
}
</script>
</head>
<body onLoad="clicklink();">
<a href="http://clickforensics.localpages.com/rc.php?affiliate=XXX123&subid=126484008711115840&Terms=airline+tickets&IP=...&rpp=5&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%29&ai=3973&nolog=1&nocache=1&ad=http://continental.com/&oref=" id='url' target='_top'></a>
<noscript><a href="http://clickforensics.localpages.com/rc.php?affiliate=XXX123&subid=126484008711115840&Terms=airline+tickets&IP=...&rpp=5&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%29&ai=3973&nolog=1&nocache=1&ad=http://continental.com/&oref=" target='_top'>Click here to redirect to this website.</a></noscript>
</body>
</html>
<script>
document.location.href = "http://clickforensics.localpages.com/rc.php?affiliate=XXX123&subid=126484008711115840&Terms=airline+tickets&IP=...&rpp=5&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%29&ai=3973&nolog=1&nocache=1&ad=http://continental.com/&oref=";
</script>
GET /rc.php?affiliate=XXX123&subid=126484008711115840&Terms=airline+tickets&IP=...&rpp=5&ua=Mozilla%2F4.0+%28compatible%3B+MSIE+6.0%3B+Windows+NT+5.1%29&ai=3973&nolog=1&nocache=1&ad=http://continental.com/&oref= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: clickforensics.localpages.com
Connection: Keep-Alive
Cookie: SessionCookie=lpcjki2je1a9ah57baci8tu5j6
HTTP/1.1 302 Found
Date: Fri, 01 Jan 2010 18:06:34 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Location: http://205.144.163.203/r1.php?h=725a007be1ec114bef9bd2ceb80da0c8&s=w210&px=1&wf=1&dip=623d0aaad74fecd36312f7b8f28de99c&ai=3973&fm=935&st=airline+tickets&oref=
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET /r1.php?h=725a007be1ec114bef9bd2ceb80da0c8&s=w210&px=1&wf=1&dip=623d0aaad74fecd36312f7b8f28de99c&ai=3973&fm=935&st=airline+tickets&oref= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Cookie: PHPSESSID=hr3mdrit3hm3u7lu0tqmopoa42
Connection: Keep-Alive
Host: 205.144.163.203
HTTP/1.1 200 OK
Date: Fri, 01 Jan 2010 16:55:01 GMT
Server: Apache/2.0.63 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 3076
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script type="text/javascript">
if (window.innerWidth < 150 && 1) {
var furl;
furl = 'http://localhost/fraud.php?aff='+3973+'&fid='+935;
var xmlhttp;
if (window.XMLHttpRequest) { // code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
} else if (window.ActiveXObject) { // code for IE6, IE5
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange=function() {
if(xmlhttp.readyState==4) {
document.myForm.time.value=xmlhttp.responseText;
}
}
xmlhttp.open("GET","fraud.php?aff=3973&fid=935",true);
xmlhttp.send(null);
location.href="http://205.144.163.203/r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c=&wf=fraud";
}
</script>
<head>
<script type="text/javascript">
window.history.forward(1);
function clicklink() {
if (document.all) {
document.all("url").click();
} else {
location.href="http://205.144.163.203/r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c=";
}
}
function clickredirect () {
document.redirect.submit();
}
</script>
</head>
<body onLoad="clickredirect();">
<a href="http://205.144.163.203/r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c=&pixel=fraud" target='_top'><img src="./includes/spacer.gif" width="1" height="1" /></a>
<form name="redirect" method="POST" action="http://205.144.163.203/r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c=">
<input type="hidden" name="h" value="725a007be1ec114bef9bd2ceb80da0c8">
<input type="hidden" name="e" value="">
<input type="hidden" name="s" value="w210">
<input type="hidden" name="ai" value="3973">
<input type="hidden" name="dip" value="623d0aaad74fecd36312f7b8f28de99c">
<input type="hidden" name="r" value="">
<input type="hidden" name="oref" value="">
<noscript><a href="http://205.144.163.203/r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c=" target='_top'>Click here to redirect to this website.</a></noscript>
</form>
<a href="http://205.144.163.203/r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c=" id='url' target='_top'></a>
</body>
</html>
<script>
document.location.href = "http://205.144.163.203/r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c=";
</script>
<meta http-equiv="refresh" content="7;url=http://205.144.163.203/k.php?ai=3973&url=http%3A%2F%2F205.144.163.203%2Fr2.php%3Fh%3D725a007be1ec114bef9bd2ceb80da0c8%26e%3D%26s%3Dw210%26ai%3D3973%26dip%3D623d0aaad74fecd36312f7b8f28de99c%26r%3D%26oref%3D%26c%3D" />
GET /r2.php?h=725a007be1ec114bef9bd2ceb80da0c8&e=&s=w210&ai=3973&dip=623d0aaad74fecd36312f7b8f28de99c&r=&oref=&c= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 205.144.163.203
Connection: Keep-Alive
Cookie: PHPSESSID=hr3mdrit3hm3u7lu0tqmopoa42
HTTP/1.1 200 OK
Date: Fri, 01 Jan 2010 16:55:03 GMT
Server: Apache/2.0.63 (CentOS)
X-Powered-By: PHP/5.1.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: SessionCookie=hr3mdrit3hm3u7lu0tqmopoa42; expires=Sat, 01-Jan-2011 16:55:03 GMT; path=/; domain=.163.203
Content-Length: 4179
Connection: close
Content-Type: text/html; charset=UTF-8
<html>
<head>
<script type="text/javascript">
window.history.forward(1);
function clicklink() {
if (document.all) {
document.all("url").click();
} else {
location.href="http://localpages.com/ipd.php?search=airline tickets&url=http%3A%2F%2Fwsclick.infospace.com%2Fclickserver%2F_iceUrlFlag%3D1%3FrawURL%3Dhttp%253A%252F%252Fwww.google.com%252Faclk%253Fsa%253DL%2526ai%253DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%2526num%253D1%2526sig%253DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%2526q%253Dhttp%253A%252F%252Fclickserve.dartsearch.net%252Flink%252Fclick%25253Flid%25253D43000000254803952%252526ds_s_kwgid%25253D58000000005443796%252526ds_e_adid%25253D5120795206%252526ds_e_matchtype%25253Dsearch%252526ds_url_v%25253D2%260%3D%261%3D0%264%3D70.42.254.106%265%3D...%269%3D15670783499344509667916ab88aca01%2610%3D1%2611%3Dlocalpages.id4%2613%3Dsearch%2614%3D245874%2615%3Dmain-title%2617%3D1%2618%3D1%2619%3D1%2620%3D1%2621%3D0%2622%3DVfium5PcWrM%253D%2640%3D64sWa%252FQpHV7bt6E6LwdfDQ%253D%253D%26_IceUrl%3Dtrue%0A++++";
}
}
</script>
</head>
<body onLoad="clicklink();">
<a href="http://localpages.com/ipd.php?search=airline tickets&url=http%3A%2F%2Fwsclick.infospace.com%2Fclickserver%2F_iceUrlFlag%3D1%3FrawURL%3Dhttp%253A%252F%252Fwww.google.com%252Faclk%253Fsa%253DL%2526ai%253DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%2526num%253D1%2526sig%253DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%2526q%253Dhttp%253A%252F%252Fclickserve.dartsearch.net%252Flink%252Fclick%25253Flid%25253D43000000254803952%252526ds_s_kwgid%25253D58000000005443796%252526ds_e_adid%25253D5120795206%252526ds_e_matchtype%25253Dsearch%252526ds_url_v%25253D2%260%3D%261%3D0%264%3D70.42.254.106%265%3D...%269%3D15670783499344509667916ab88aca01%2610%3D1%2611%3Dlocalpages.id4%2613%3Dsearch%2614%3D245874%2615%3Dmain-title%2617%3D1%2618%3D1%2619%3D1%2620%3D1%2621%3D0%2622%3DVfium5PcWrM%253D%2640%3D64sWa%252FQpHV7bt6E6LwdfDQ%253D%253D%26_IceUrl%3Dtrue%0A++++" id='url' target='_top'></a>
<noscript><a href="http://localpages.com/ipd.php?search=airline tickets&url=http%3A%2F%2Fwsclick.infospace.com%2Fclickserver%2F_iceUrlFlag%3D1%3FrawURL%3Dhttp%253A%252F%252Fwww.google.com%252Faclk%253Fsa%253DL%2526ai%253DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%2526num%253D1%2526sig%253DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%2526q%253Dhttp%253A%252F%252Fclickserve.dartsearch.net%252Flink%252Fclick%25253Flid%25253D43000000254803952%252526ds_s_kwgid%25253D58000000005443796%252526ds_e_adid%25253D5120795206%252526ds_e_matchtype%25253Dsearch%252526ds_url_v%25253D2%260%3D%261%3D0%264%3D70.42.254.106%265%3D...%269%3D15670783499344509667916ab88aca01%2610%3D1%2611%3Dlocalpages.id4%2613%3Dsearch%2614%3D245874%2615%3Dmain-title%2617%3D1%2618%3D1%2619%3D1%2620%3D1%2621%3D0%2622%3DVfium5PcWrM%253D%2640%3D64sWa%252FQpHV7bt6E6LwdfDQ%253D%253D%26_IceUrl%3Dtrue%0A++++" target='_top'>Click here to redirect to this website.</a></noscript>
</body>
</html>
<script>
document.location.href = "http://localpages.com/ipd.php?search=airline tickets&url=http%3A%2F%2Fwsclick.infospace.com%2Fclickserver%2F_iceUrlFlag%3D1%3FrawURL%3Dhttp%253A%252F%252Fwww.google.com%252Faclk%253Fsa%253DL%2526ai%253DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%2526num%253D1%2526sig%253DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%2526q%253Dhttp%253A%252F%252Fclickserve.dartsearch.net%252Flink%252Fclick%25253Flid%25253D43000000254803952%252526ds_s_kwgid%25253D58000000005443796%252526ds_e_adid%25253D5120795206%252526ds_e_matchtype%25253Dsearch%252526ds_url_v%25253D2%260%3D%261%3D0%264%3D70.42.254.106%265%3D...%269%3D15670783499344509667916ab88aca01%2610%3D1%2611%3Dlocalpages.id4%2613%3Dsearch%2614%3D245874%2615%3Dmain-title%2617%3D1%2618%3D1%2619%3D1%2620%3D1%2621%3D0%2622%3DVfium5PcWrM%253D%2640%3D64sWa%252FQpHV7bt6E6LwdfDQ%253D%253D%26_IceUrl%3Dtrue%0A++++";
</script>
Localpages redirects traffic to InfoSpace
GET /ipd.php?search=airline%20tickets&url=http%3A%2F%2Fwsclick.infospace.com%2Fclickserver%2F_iceUrlFlag%3D1%3FrawURL%3Dhttp%253A%252F%252Fwww.google.com%252Faclk%253Fsa%253DL%2526ai%253DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%2526num%253D1%2526sig%253DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%2526q%253Dhttp%253A%252F%252Fclickserve.dartsearch.net%252Flink%252Fclick%25253Flid%25253D43000000254803952%252526ds_s_kwgid%25253D58000000005443796%252526ds_e_adid%25253D5120795206%252526ds_e_matchtype%25253Dsearch%252526ds_url_v%25253D2%260%3D%261%3D0%264%3D70.42.254.106%265%3D...%269%3D15670783499344509667916ab88aca01%2610%3D1%2611%3Dlocalpages.id4%2613%3Dsearch%2614%3D245874%2615%3Dmain-title%2617%3D1%2618%3D1%2619%3D1%2620%3D1%2621%3D0%2622%3DVfium5PcWrM%253D%2640%3D64sWa%252FQpHV7bt6E6LwdfDQ%253D%253D%26_IceUrl%3Dtrue%0A++++ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localpages.com
Connection: Keep-Alive
Cookie: SessionCookie=lpcjki2je1a9ah57baci8tu5j6
HTTP/1.1 200 OK
Date: Fri, 01 Jan 2010 18:06:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.10
Content-Length: 1181
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LocalPages.com - Searching Directories</title>
<style type="text/css">
<!--
a {
color: #1E4167;
font-family: arial;
font-weight: normal;
}
a:hover {
color: #6AAC26;
}
#container {
width: 612px;
height: 448px;
background: url(images/localpages-redirect.png) 0px 0px no-repeat;
margin: 20px auto 0px auto;
}
h4 {
margin-top: 10px;
padding: 0px;
}
#progress {
float: left;
width: 121px;
height: 27px;
margin: 375px 0px 0px 245px;
}
-->
</style>
</head>
<body>
<div id="container">
<div id="progress"><img src="images/progress.gif" width="121" height="27" /></div>
<div style="clear: both;"></div>
</div>
<h4 align="center">Please wait while you are being redirected to the advertisers page...</h4>
<META HTTP-EQUIV="refresh" content="0; url='http://localpages.com/resultshome1.php?search=airline tickets&button.x=0&button.y=0&distance=10&start=0&a=r'">
</body>
</html>
GET /resultshome1.php?search=airline%20tickets&button.x=0&button.y=0&distance=10&start=0&a=r HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localpages.com
Connection: Keep-Alive
Cookie: SessionCookie=lpcjki2je1a9ah57baci8tu5j6
HTTP/1.1 200 OK
Date: Fri, 01 Jan 2010 18:06:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.10
Referer: http://www.localpages.com/resultshome1.php?search=airline tickets&place=
Content-Length: 3046
Connection: close
Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Business Directory: Business Directory with Free Business Directory Yellow Page Advertising</title>
<script language="javascript">
window.history.forward(1);
function clicklink()
{
if(document.all)
{
document.all("url").click();
}
else
{
location.href="http://wsclick.infospace.com/clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fwww.google.com%2Faclk%3Fsa%3DL%26ai%3DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%26num%3D1%26sig%3DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%26q%3Dhttp%3A%2F%2Fclickserve.dartsearch.net%2Flink%2Fclick%253Flid%253D43000000254803952%2526ds_s_kwgid%253D58000000005443796%2526ds_e_adid%253D5120795206%2526ds_e_matchtype%253Dsearch%2526ds_url_v%253D2&0=&1=0&4=70.42.254.106&5=...&9=15670783499344509667916ab88aca01&10=1&11=localpages.id4&13=search&14=245874&15=main-title&17=1&18=1&19=1&20=1&21=0&22=Vfium5PcWrM%3D&40=64sWa%2FQpHV7bt6E6LwdfDQ%3D%3D&_IceUrl=true";
}
}
</script>
</head>
<img src="http://r.localpages.com/jump.php?fid=928" width="1" height="1"/>
<body onload="clicklink();">
<a href="http://wsclick.infospace.com/clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fwww.google.com%2Faclk%3Fsa%3DL%26ai%3DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%26num%3D1%26sig%3DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%26q%3Dhttp%3A%2F%2Fclickserve.dartsearch.net%2Flink%2Fclick%253Flid%253D43000000254803952%2526ds_s_kwgid%253D58000000005443796%2526ds_e_adid%253D5120795206%2526ds_e_matchtype%253Dsearch%2526ds_url_v%253D2&0=&1=0&4=70.42.254.106&5=...&9=15670783499344509667916ab88aca01&10=1&11=localpages.id4&13=search&14=245874&15=main-title&17=1&18=1&19=1&20=1&21=0&22=Vfium5PcWrM%3D&40=64sWa%2FQpHV7bt6E6LwdfDQ%3D%3D&_IceUrl=true" id='url' target='_top'></a>
<noscript><a href="http://wsclick.infospace.com/clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fwww.google.com%2Faclk%3Fsa%3DL%26ai%3DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%26num%3D1%26sig%3DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%26q%3Dhttp%3A%2F%2Fclickserve.dartsearch.net%2Flink%2Fclick%253Flid%253D43000000254803952%2526ds_s_kwgid%253D58000000005443796%2526ds_e_adid%253D5120795206%2526ds_e_matchtype%253Dsearch%2526ds_url_v%253D2&0=&1=0&4=70.42.254.106&5=...&9=15670783499344509667916ab88aca01&10=1&11=localpages.id4&13=search&14=245874&15=main-title&17=1&18=1&19=1&20=1&21=0&22=Vfium5PcWrM%3D&40=64sWa%2FQpHV7bt6E6LwdfDQ%3D%3D&_IceUrl=true" target='_top'>Click here to redirect to this website.</a></noscript>
</body>
</html>
InfoSpace redirects to a Google PPC paid click link
GET /clickserver/_iceUrlFlag=1?rawURL=http%3A%2F%2Fwww.google.com%2Faclk%3Fsa%3DL%26ai%3DCPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ%26num%3D1%26sig%3DAGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ%26q%3Dhttp%3A%2F%2Fclickserve.dartsearch.net%2Flink%2Fclick%253Flid%253D43000000254803952%2526ds_s_kwgid%253D58000000005443796%2526ds_e_adid%253D5120795206%2526ds_e_matchtype%253Dsearch%2526ds_url_v%253D2&0=&1=0&4=70.42.254.106&5=...&9=15670783499344509667916ab88aca01&10=1&11=localpages.id4&13=search&14=245874&15=main-title&17=1&18=1&19=1&20=1&21=0&22=Vfium5PcWrM%3D&40=64sWa%2FQpHV7bt6E6LwdfDQ%3D%3D&_IceUrl=true HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://localpages.com/resultshome1.php?search=airline tickets&button.x=0&button.y=0&distance=10&start=0&a=r
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: wsclick.infospace.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Fri, 01 Jan 2010 18:04:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.google.com/aclk?sa=L&ai=CPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ&num=1&sig=AGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ&q=http://clickserve.dartsearch.net/link/click%3Flid%3D43000000254803952%26ds_s_kwgid%3D58000000005443796%26ds_e_adid%3D5120795206%26ds_e_matchtype%3Dsearch%26ds_url_v%3D2
Set-Cookie: .ASPXANONYMOUS=0sBL2J6HHwn80hoWkY6ryA3D6h4_yLK3jFxitoAg76WIULjAs-DGVVupbcG2vp7er5S7C43ZExnL7lZ2iXXNOq-Ir_B9UVwfGztJn427M7M1; expires=Sun, 27-Nov-2011 04:44:05 GMT; path=/
Set-Cookie: ASP.NET_SessionId=z5fjm055shigdy55141ikeap; path=/
Set-Cookie: DomainSession=TransactionId=4e83db68dc76402f9c81916ab88aca01&SessionId=1c12810f9ded49ceb0c3916ab88aca01&ActionId=ae19f24ea8d44d5085fc916ab88aca01&CookieDomain=.infospace.com&PrevActionId=; domain=.infospace.com; expires=Fri, 01-Jan-2010 18:24:05 GMT; path=/
Set-Cookie: DomainUserProfile=AnonymousId=e9615597cdc447f3aea0916ab88aca01&LastSeenDateTime=1/1/2010 6:04:05 PM&IssueDateTime=1/1/2010 6:04:05 PM&CookieDomain=.infospace.com; domain=.infospace.com; expires=Sun, 08-Dec-2109 18:04:05 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 665
<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.google.com/aclk?sa=L&ai=CPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ&num=1&sig=AGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ&q=http://clickserve.dartsearch.net/link/click%3Flid%3D43000000254803952%26ds_s_kwgid%3D58000000005443796%26ds_e_adid%3D5120795206%26ds_e_matchtype%3Dsearch%26ds_url_v%3D2">here</a>.</h2>
</body></html>
</form>
</body>
</span>
</html>
Page issues event: Render, succeeded: True<br>
Google redirects to Continental -- sending the user back where the user began
GET /aclk?sa=L&ai=CPCIwqjk-S4rpKoy2tQPkn5X_A-yJ2YIBqKmLtxOt0ecIEAEgtJHTCygKUM7h5vsEYMmW7oiEpOwPyAEBqgQaT9D06OAFjw83xRmIIBNypXk0w50-mZUjAvQ&num=1&sig=AGiWqtxADw-5FTaTI-_WaLeLFbhnwgUuMQ&q=http://clickserve.dartsearch.net/link/click%3Flid%3D43000000254803952%26ds_s_kwgid%3D58000000005443796%26ds_e_adid%3D5120795206%26ds_e_matchtype%3Dsearch%26ds_url_v%3D2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://localpages.com/resultshome1.php?search=airline tickets&button.x=0&button.y=0&distance=10&start=0&a=r
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Cookie: PREF=ID=6b3b6897d3ef1e35:TM=1234043537:LM=1234043537:S=meQ1VFjeW8UceDH7
Connection: Keep-Alive
Host: www.google.com
HTTP/1.1 302 Found
Cache-Control: private
Location: http://clickserve.dartsearch.net/link/click?lid=43000000254803952&ds_s_kwgid=58000000005443796&ds_e_adid=5120795206&ds_e_matchtype=search&ds_url_v=2
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=6b3b6897d3ef1e35:TM=1234043537:LM=1262369205:S=xqe2JtDicjqEZaSx; expires=Sun, 01-Jan-2012 18:06:45 GMT; path=/; domain=.google.com
Date: Fri, 01 Jan 2010 18:06:45 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 0
GET /link/click?lid=43000000254803952&ds_s_kwgid=58000000005443796&ds_e_adid=5120795206&ds_e_matchtype=search&ds_url_v=2 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://localpages.com/resultshome1.php?search=airline tickets&button.x=0&button.y=0&distance=10&start=0&a=r
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Connection: Keep-Alive
Host: clickserve.dartsearch.net
HTTP/1.1 302 Moved Temporarily
Location: http://ad.doubleclick.net/clk;220213200;43781228;m;u=ds&sv1=254803952&sv2=2010010171&sv3=1152709;%3fhttp://www.continental.com/web/en-US/default.aspx
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Fri, 01 Jan 2010 18:06:45 GMT
Expires: Fri, 01 Jan 2010 18:06:45 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Content-Length: 273
Server: GFE/2.0
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://ad.doubleclick.net/clk;220213200;43781228;m;u=ds&sv1=254803952&sv2=2010010171&sv3=1152709;%3fhttp://www.continental.com/web/en-US/default.aspx">here</A>.
</BODY>
</HTML>
GET /clk;220213200;43781228;m;u=ds&sv1=254803952&sv2=2010010171&sv3=1152709;%3fhttp://www.continental.com/web/en-US/default.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://localpages.com/resultshome1.php?search=airline tickets&button.x=0&button.y=0&distance=10&start=0&a=r
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Cookie: id=800001b9677c801|1475931/339674/14282|t=1234043482|et=730|cs=xw7foa30
Connection: Keep-Alive
Host: ad.doubleclick.net
HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://FLS.doubleclick.net/act;sit=358759;spot=996458;~dc_rdr=?http%3A//www.continental.com/web/en-US/default.aspx
Date: Fri, 01 Jan 2010 18:06:45 GMT
Server: GFE/2.0
Content-Type: text/html
X-XSS-Protection: 0
GET /act;sit=358759;spot=996458;~dc_rdr=?http%3A//www.continental.com/web/en-US/default.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://localpages.com/resultshome1.php?search=airline tickets&button.x=0&button.y=0&distance=10&start=0&a=r
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Connection: Keep-Alive
Host: fls.doubleclick.net
Cookie: id=800001b9677c801|1475931/339674/14282|t=1234043482|et=730|cs=xw7foa30
HTTP/1.1 302 Moved Temporarily
Set-Cookie: id=800001b9677c801|996458/358759/14610,1475931/339674/14282|t=1234043482|et=730|cs=xw7foa30; Domain=.doubleclick.net; Expires=Mon, 07-Feb-2011 21:51:22 GMT; Path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: private, no-cache="Set-Cookie"
X-Frame-Options: ALLOWALL
Location: http://www.continental.com/web/en-US/default.aspx
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Fri, 01 Jan 2010 18:06:45 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Length: 191
Server: GFE/2.0
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://www.continental.com/web/en-US/default.aspx">here</A>.
</BODY>
</HTML>